package com.chinaunicom.emergency.config;

import com.chinaunicom.emergency.config.entrypoint.MyAuthenticationEntryPoint;
import com.chinaunicom.emergency.config.handler.MyAccessDeniedHandler;
import org.springframework.context.annotation.Configuration;
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.security.oauth2.config.annotation.web.configuration.EnableResourceServer;
import org.springframework.security.oauth2.config.annotation.web.configuration.ResourceServerConfigurerAdapter;
import org.springframework.security.oauth2.config.annotation.web.configurers.ResourceServerSecurityConfigurer;

/**
 * @Author liliang
 * @Date 2020/1/20 10:49
 * @Version 1.0
 */
@Configuration
@EnableResourceServer
public class ResourceServerConfiguration extends ResourceServerConfigurerAdapter {
    @Override
    public void configure(ResourceServerSecurityConfigurer resources) {
        //自定义资源访问认证异常，没有token，或token错误，使用MyAuthenticationEntryPoint
        resources.authenticationEntryPoint(new MyAuthenticationEntryPoint());
        resources.accessDeniedHandler(new MyAccessDeniedHandler());
    }
    @Override
    public void configure(HttpSecurity http) throws Exception {

//     http// 关闭跨域请求
//    .csrf().disable()
//    .exceptionHandling()
//    .authenticationEntryPoint((request, response, authException) -> response.sendError(HttpServletResponse.SC_UNAUTHORIZED))
//    .and().authorizeRequests()
//    // 定义权限配置
//    // 允许/test和/oauth/token请求路径
//    .antMatchers("/verification","/login","/druid","/v2","/actuator/").permitAll()// 这两个页面任何人都可以访问
//    .anyRequest().authenticated()// 其他任何请求都需要验证
//    .and().formLogin().permitAll()// 允许任何人访问登录url
//                .and().httpBasic();

        //所有请求必须认证通过
        http.authorizeRequests()
                //下边的路径需要校验
                .antMatchers("/api/").authenticated()
                //其余的路径需要放行
                .anyRequest().permitAll();

    }
}
